[hooks/security] provide attribute "add" permission
As of today, the update permission on attributes is checked at entity
*creation* time. This forbids using update permissions the proper way.
We set it to be checked at entity update time only.
We introduce a specific 'add' permission rule for attributes.
For backward compatibility, its default value will be the same as the
current 'update' permission.
Notes:
* needs a new yams version (ticket #149216)
* introduces two new 'add_permissions' rdefs (attribute - group|rqlexpr)
* if the update permission was () and the bw compat kicks in, the rule
is not enforced, to avoid un-creatable entity types -- this
restriction will be lifted when the bw compat is gone
* small internal refactoring on check_entity_attributes
* one small pre 3.6.1 bw compat snippet must be removed from schemaserial
Closes #2965518.
<html>
<head>
<!-- dependencies -->
<script type="text/javascript" src="utils.js"></script>
<script type="text/javascript" src="../../data/jquery.js"></script>
<script src="../../data/cubicweb.python.js" type="text/javascript"></script>
<script src="../../data/cubicweb.js" type="text/javascript"></script>
<script src="../../data/cubicweb.compat.js" type="text/javascript"></script>
<!-- qunit files -->
<script type="text/javascript" src="../../../devtools/data/qunit.js"></script>
<link rel="stylesheet" type="text/css" media="all" href="../../../devtools/data/qunit.css" />
<!-- test suite -->
<script src="cwmock.js" type="text/javascript"></script>
<script src="test_utils.js" type="text/javascript"></script>
</head>
<body>
<div id="main"> </div>
<h1 id="qunit-header">cw.utils functions tests</h1>
<h2 id="qunit-banner"></h2>
<ol id="qunit-tests">
</body>
</html>